.Ferrovial Welcome to the Ferrovial's website, global operator of sustainable infrastructure.
Here you can find all the information about the company and subsidiaries.
Ferrovial is one of the world's leading infrastructure operators, committed to developing sustainable solutions.
The Head of Cybersecurity, Ferrovial Construction, is responsible for the oversight and deployment of all adequate measures and controls to provide the Company and its subsidiaries with a reasonable cybersecurity control level.
This role will initiate, plan, deploy, maintain, control, improve all aspects of Ferrovial Construction cybersecurity.
Essential Duties and Responsibilities: Lead, manage and grow Ferrovial Construction cybersecurity function according to Business needs.
Develop a cybersecurity practice in Ferrovial Construction that can be relevant to its business units, subsidiaries and joint ventures by defining and implementing a Cybersecurity strategy.
Negotiate with and for Ferrovial Construction business units, subsidiaries and joint ventures the contracts, conditions and terms regarding the cybersecurity baseline that must be provided.
Guarantee the deployment of adequate measures and controls onto products and services built through digital and technology initiatives.
Ensure the maintenance and continuous improvement of such measures and controls along the products and services lifecycle.
Manage and control security projects including start up and launch of benchmarks and proof of concepts.
Manage cybersecurity vendors whose services are being provided to Ferrovial Construction business units, subsidiaries and joint ventures.
Regular communications with Ferrovial Construction senior management to report the cybersecurity posture of their companies, the projects milestones consecution and the compliance situation in terms of cybersecurity.
Provide support to Ferrovial risk and internal audit department.
Identify business opportunities to provide enhanced cybersecurity services to Ferrovial Construction business units, subsidiaries and joint ventures.
Qualifications: Education & Experience: Master's Degree in Computer Science, Engineering, Information Technology or equivalent.
7-10+ years of experience in managing complex cybersecurity environments through its full lifecycle.
Previous experience in power and/or utility sectors.
Definition, deployment and improvement of security strategies, plans, and governance models in large enterprises and corporations, and in international environments.
Definition, deployment, and improvement of risk management models.
OT, ICS, IoT cybersecurity knowledge and experience, especially on the ISA/IEC 62443 Standards, Purdue Model and Defense in Depth implementation.
Deployment, maintenance and assessment of ISO 27001, NIST CSF and ENS certified environments.
Identification and treatment of risk derived from laws and compliance requisites